1
0
Fork 0

grafana oauth configuration

This commit is contained in:
Massaki Archambault 2022-08-28 18:29:26 -04:00
parent fe75573c34
commit c2c5aff42f
4 changed files with 29 additions and 2 deletions

View File

@ -29,12 +29,13 @@ spec:
env:
- name: GF_SERVER_DOMAIN
value: ${GRAFANA_EXTERNAL_HOST}
- name: GF_SERVER_ROOT_URL
value: https://${GRAFANA_EXTERNAL_HOST}/
# - name: GF_AUTH_ANONYMOUS_ENABLED
# value: "true"
- name: GF_INSTALL_PLUGINS
value: marcusolsson-json-datasource,marcusolsson-treemap-panel
- name: GF_FEATURE_TOGGLES_ENABLE
value: ngalert
args: ['--config', '/etc/grafana/provisioning/config/custom.ini']
readinessProbe:
failureThreshold: 3
httpGet:
@ -66,12 +67,17 @@ spec:
volumeMounts:
- name: grafana-datasources
mountPath: /etc/grafana/provisioning/datasources
- name: grafana-config
mountPath: /etc/grafana/provisioning/config
- mountPath: /var/lib/grafana
name: grafana-pv
volumes:
- name: grafana-datasources
configMap:
name: grafana-datasources
- name: grafana-config
secret:
secretName: grafana-config
- name: grafana-pv
persistentVolumeClaim:
claimName: grafana-pvc

View File

@ -7,6 +7,12 @@ configMapGenerator:
files:
- datasources.yaml=provision/datasources.yaml
secretGenerator:
- name: grafana-config
type: Opaque
literals:
- custom.ini=
# secretGenerator:
# - name: postgres-credentials
# type: Opaque

View File

@ -0,0 +1,9 @@
[auth.generic_oauth]
enabled = true
allow_sign_up = false
client_id = 5yCpX9YovdrEuBpy69438S8GzCUJZLxqFl4rOcIpjBHICRpJzjv56VMxslKj7iqm
client_secret = ${ssm:/k3s/prod/nextcloud/oidc/grafana/client_secret}
scopes = openid profile email
auth_url = https://cloud.badjware.dev/apps/oidc/authorize
token_url = https://cloud.badjware.dev/apps/oidc/token
api_url = https://cloud.badjware.dev/apps/oidc/userinfo

View File

@ -65,6 +65,12 @@ secretGenerator:
behavior: replace
files:
- agent.yaml=configurations/grafana-agent/agent.yaml
- name: grafana-config
type: Opaque
namespace: grafana
behavior: replace
files:
- custom.ini=configurations/grafana/custom.ini
# - name: grafana-cloud-credentials
# type: Opaque
# namespace: monitoring